expressjs / csurf

CSRF token middleware

expressjs/csurf Issues

Documentation on using with Ajax
Closed 6 years ago19
I don't understand how this module works.
Closed 7 years ago3
res.cookie is undefined with connect 3
Closed 10 years ago3
ignoreRoutes as extension of ignoreMethods
Closed 9 years ago9
When session store is down, csurf should call next(err), not throw error
Closed 8 years ago
Invalid Token when using 'Ignoring Routes' example
Closed 8 years ago3
Failed on validation when using with 2 backends
Updated 2 years ago
How I can validate csrf token one time with only a request
Updated 2 years ago
Add credentials warning to documentation
Closed 3 years ago7
Does cookie csurf actually work?
Closed 9 years ago11
Random 'misconfigured csrf' exception thrown
Closed 9 years ago4
Update docs to address situations with mixed protection approaches
Closed 3 years ago1
New token secret with every request
Closed 4 years ago3
per-page CSRF token support
Updated 4 years ago9
User's CSRF Token is invalid but doesn't look like so
Closed 4 years ago7
A way of getting csrfToken through POST request
Closed 6 years ago3
Feature add 'Encrypted Token Pattern'
Updated 4 years ago3
Best practice for the csrf token and secret (signed? httponly?)
Closed 4 years ago1
Upgrade to cookie@0.4.0 for SameSite=None support
Closed 4 years ago1
Expose token validation function
Updated 4 years ago7
A cookie secret is not really secret
Closed 5 years ago1
No regeneration of secret when a valid token is submitted
Closed 5 years ago2
BREACH attack mitigation
Closed 5 years ago2
Need docs and examples for working with single page application.
Closed 5 years ago3
Add ignore URL patterns (like options.ignoreMethods)
Closed 9 years ago3
Token Lifetime
Updated 5 years ago2
csrf always fails
Closed 9 years ago11
previous token still valid
Closed 6 years ago1
Disable CSRF checking during tests
Closed 6 years ago1
please document the `signed` config option
Closed 6 years ago4
Can docs clarify how cookie mode works?
Closed 6 years ago3
Cannot validate CSRF token using the example code
Closed 6 years ago4
Question: any harm in setting res.locals.csrfToken?
Closed 9 years ago2
TypeError: Bad input string - Hash.update
Closed 9 years ago9
how to handle csurf function not being available on req object when a session store goes down
Updated 9 years ago2
Allow Configuration for Session Key
Closed 9 years ago2
EBADCSRFTOKEN after session expirery
Closed 9 years ago9
Disable it for API routes
Closed 9 years ago2
When csrfToken() method is called?
Closed 9 years ago2
RFC 6648: SHOULD NOT prefix their parameter names with "X-"
Closed 9 years ago11
Remove cookie-parser requirement for double-submit cookies
Updated 9 years ago
Weird _csrf cookie issue in safari.
Closed 9 years ago3
How to expire old csrf tokens?
Closed 9 years ago3
Unable to get Angular and Express to use csrf
Closed 9 years ago1
Cookie csurf doesn't work
Closed 9 years ago57
cookie option cannot be bool true or else .key is undefined...
Closed 10 years ago5
Add an example of usage including a form
Closed 10 years ago1
err does not have property 'code'
Closed 10 years ago5
Custom error type
Closed 10 years ago2
Invalid csrf token when calling req.session.destroy()
Closed 10 years ago5